<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="generator" content="AsciiDoc 8.2.2" />
<style type="text/css">
/* Debug borders */
p, li, dt, dd, div, pre, h1, h2, h3, h4, h5, h6 {
/*
  border: 1px solid red;
*/
}

body {
  margin: 1em 5% 1em 5%;
}

a {
  color: blue;
  text-decoration: underline;
}
a:visited {
  color: fuchsia;
}

em {
  font-style: italic;
}

strong {
  font-weight: bold;
}

tt {
  color: navy;
}

h1, h2, h3, h4, h5, h6 {
  color: #527bbd;
  font-family: sans-serif;
  margin-top: 1.2em;
  margin-bottom: 0.5em;
  line-height: 1.3;
}

h1 {
  border-bottom: 2px solid silver;
}
h2 {
  border-bottom: 2px solid silver;
  padding-top: 0.5em;
}

div.sectionbody {
  font-family: serif;
  margin-left: 0;
}

hr {
  border: 1px solid silver;
}

p {
  margin-top: 0.5em;
  margin-bottom: 0.5em;
}

pre {
  padding: 0;
  margin: 0;
}

span#author {
  color: #527bbd;
  font-family: sans-serif;
  font-weight: bold;
  font-size: 1.1em;
}
span#email {
}
span#revision {
  font-family: sans-serif;
}

div#footer {
  font-family: sans-serif;
  font-size: small;
  border-top: 2px solid silver;
  padding-top: 0.5em;
  margin-top: 4.0em;
}
div#footer-text {
  float: left;
  padding-bottom: 0.5em;
}
div#footer-badges {
  float: right;
  padding-bottom: 0.5em;
}

div#preamble,
div.tableblock, div.imageblock, div.exampleblock, div.verseblock,
div.quoteblock, div.literalblock, div.listingblock, div.sidebarblock,
div.admonitionblock {
  margin-right: 10%;
  margin-top: 1.5em;
  margin-bottom: 1.5em;
}
div.admonitionblock {
  margin-top: 2.5em;
  margin-bottom: 2.5em;
}

div.content { /* Block element content. */
  padding: 0;
}

/* Block element titles. */
div.title, caption.title {
  font-family: sans-serif;
  font-weight: bold;
  text-align: left;
  margin-top: 1.0em;
  margin-bottom: 0.5em;
}
div.title + * {
  margin-top: 0;
}

td div.title:first-child {
  margin-top: 0.0em;
}
div.content div.title:first-child {
  margin-top: 0.0em;
}
div.content + div.title {
  margin-top: 0.0em;
}

div.sidebarblock > div.content {
  background: #ffffee;
  border: 1px solid silver;
  padding: 0.5em;
}

div.listingblock {
  margin-right: 0%;
}
div.listingblock > div.content {
  border: 1px solid silver;
  background: #f4f4f4;
  padding: 0.5em;
}

div.quoteblock > div.content {
  padding-left: 2.0em;
}

div.attribution {
  text-align: right;
}
div.verseblock + div.attribution {
  text-align: left;
}

div.admonitionblock .icon {
  vertical-align: top;
  font-size: 1.1em;
  font-weight: bold;
  text-decoration: underline;
  color: #527bbd;
  padding-right: 0.5em;
}
div.admonitionblock td.content {
  padding-left: 0.5em;
  border-left: 2px solid silver;
}

div.exampleblock > div.content {
  border-left: 2px solid silver;
  padding: 0.5em;
}

div.verseblock div.content {
  white-space: pre;
}

div.imageblock div.content { padding-left: 0; }
div.imageblock img { border: 1px solid silver; }
span.image img { border-style: none; }

dl {
  margin-top: 0.8em;
  margin-bottom: 0.8em;
}
dt {
  margin-top: 0.5em;
  margin-bottom: 0;
  font-style: italic;
}
dd > *:first-child {
  margin-top: 0;
}

ul, ol {
    list-style-position: outside;
}
ol.olist2 {
  list-style-type: lower-alpha;
}

div.tableblock > table {
  border: 3px solid #527bbd;
}
thead {
  font-family: sans-serif;
  font-weight: bold;
}
tfoot {
  font-weight: bold;
}

div.hlist {
  margin-top: 0.8em;
  margin-bottom: 0.8em;
}
div.hlist td {
  padding-bottom: 5px;
}
td.hlist1 {
  vertical-align: top;
  font-style: italic;
  padding-right: 0.8em;
}
td.hlist2 {
  vertical-align: top;
}

@media print {
  div#footer-badges { display: none; }
}

div#toctitle {
  color: #527bbd;
  font-family: sans-serif;
  font-size: 1.1em;
  font-weight: bold;
  margin-top: 1.0em;
  margin-bottom: 0.1em;
}

div.toclevel1, div.toclevel2, div.toclevel3, div.toclevel4 {
  margin-top: 0;
  margin-bottom: 0;
}
div.toclevel2 {
  margin-left: 2em;
  font-size: 0.9em;
}
div.toclevel3 {
  margin-left: 4em;
  font-size: 0.9em;
}
div.toclevel4 {
  margin-left: 6em;
  font-size: 0.9em;
}
/* Workarounds for IE6's broken and incomplete CSS2. */

div.sidebar-content {
  background: #ffffee;
  border: 1px solid silver;
  padding: 0.5em;
}
div.sidebar-title, div.image-title {
  font-family: sans-serif;
  font-weight: bold;
  margin-top: 0.0em;
  margin-bottom: 0.5em;
}

div.listingblock div.content {
  border: 1px solid silver;
  background: #f4f4f4;
  padding: 0.5em;
}

div.quoteblock-content {
  padding-left: 2.0em;
}

div.exampleblock-content {
  border-left: 2px solid silver;
  padding-left: 0.5em;
}

/* IE6 sets dynamically generated links as visited. */
div#toc a:visited { color: blue; }
</style>
<script type="text/javascript">
/*<![CDATA[*/
window.onload = function(){generateToc(2)}
/* Author: Mihai Bazon, September 2002
 * http://students.infoiasi.ro/~mishoo
 *
 * Table Of Content generator
 * Version: 0.4.sp
 *
 * Feel free to use this script under the terms of the GNU General Public
 * License, as long as you do not remove or alter this notice.
 */

 /* modified by Troy D. Hanson, September 2006. License: GPL */
 /* modified by Stuart Rackham, October 2006. License: GPL */
 /* modified by Shawn Pearce, August 2009. License: GPL */

function getText(el) {
  var text = "";
  for (var i = el.firstChild; i != null; i = i.nextSibling) {
    if (i.nodeType == 3 /* Node.TEXT_NODE */) // IE doesn't speak constants.
      text += i.data;
    else if (i.firstChild != null)
      text += getText(i);
  }
  return text;
}

function TocEntry(el, text, toclevel) {
  this.element = el;
  this.text = text;
  this.toclevel = toclevel;
  this.assigned = false;

  if (el.id != '') {
    this.id = el.id;

  } else {
    var a = el.firstChild;
    if ((a.tagName == "a" || a.tagName == "A") && a.id != "") {
      this.id = a.id;
    } else {
      this.id = '';
    }
  }
}

function tocEntries(el, toclevels) {
  var result = new Array;
  var re = new RegExp('[hH]([2-'+(toclevels+1)+'])');
  // Function that scans the DOM tree for header elements (the DOM2
  // nodeIterator API would be a better technique but not supported by all
  // browsers).
  var iterate = function (el) {
    for (var i = el.firstChild; i != null; i = i.nextSibling) {
      if (i.nodeType == 1 /* Node.ELEMENT_NODE */) {
        var mo = re.exec(i.tagName)
        if (mo)
          result[result.length] = new TocEntry(i, getText(i), mo[1]-1);
        iterate(i);
      }
    }
  }
  iterate(el);
  return result;
}

// This function does the work. toclevels = 1..4.
function generateToc(toclevels) {
  var simple_re = new RegExp('^[a-zA-Z._ -]{1,}$');
  var entries = tocEntries(document.getElementsByTagName("body")[0], toclevels);
  var usedIds = new Array();

  for (var i = 0; i < entries.length; ++i) {
    var entry = entries[i];
    if (entry.id != "")
      usedIds[entry.id] = entry;
  }

  for (var i = 0; i < entries.length; ++i) {
    var entry = entries[i];
    if (entry.id != "" || !simple_re.exec(entry.text))
      continue;

    var n = entry.text.replace(/ /g, '_').toLowerCase();
    var e = usedIds[n];
    if (e) {
      if (e.assigned)
        e.id = '';
      continue;
    }

    entry.assigned = true;
    entry.id = n;
    entry.element.id = entry.id;
    usedIds[n] = entry;
  }

  for (var i = 0; i < entries.length; ++i) {
    var entry = entries[i];
    if (entry.id == '') {
      entry.id = "toc" + i;
      entry.element.id = entry.id;
    }
  }

  var toc = document.getElementById("toc");
  for (var i = 0; i < entries.length; ++i) {
    var entry = entries[i];
    var a = document.createElement("a");
    a.href = "#" + entry.id;
    a.appendChild(document.createTextNode(entry.text));
    var div = document.createElement("div");
    div.appendChild(a);
    div.className = "toclevel" + entry.toclevel;
    toc.appendChild(div);
  }
}
/*]]>*/
</script>
<title>Gerrit2 - Configuration</title>
</head>
<body>
<div id="header">
<h1>Gerrit2 - Configuration</h1>
<span id="revision">version v2.0.24</span>
<div id="toc">
  <div id="toctitle">Table of Contents</div>
  <noscript><p><b>JavaScript must be enabled in your browser to display the table of contents.</b></p></noscript>
</div>
</div>
<h2>File <tt>gerrit.config</tt></h2>
<div class="sectionbody">
<p>The optional file <tt><em>$site_path</em>/gerrit.config</tt> is a Git-style config
file that controls many host specific settings for Gerrit.</p>
<div class="admonitionblock">
<table><tr>
<td class="icon">
<div class="title">Note</div>
</td>
<td class="content">The contents of the <tt>gerrit.config</tt> file are cached at startup
by Gerrit.  If you modify any propeties in this file, Gerrit needs
to be restarted before it will use the new values.</td>
</tr></table>
</div>
<p>Sample <tt>gerrit.config</tt>:</p>
<div class="listingblock">
<div class="content">
<pre><tt>[core]
        packedGitLimit = 200 m

[cache]
        directory = /var/cache/gerrit2

[cache "diff"]
        diskbuffer = 10 m</tt></pre>
</div></div>
<h3><a id="auth"></a>Section auth</h3>
<p>See also <a href="config-sso.html">SSO configuration</a>.</p>
<dl>
<dt>
<a id="auth.type"></a>auth.type
</dt>
<dd>
<p>Type of user authentication employed by Gerrit.  The supported
values are:</p>
<ul>
<li>
<p>
<tt>OpenID</tt>
</p>
<p>The default setting.  Gerrit uses any valid OpenID
provider chosen by the end-user.  For more information see
<a href="http://openid.net/">openid.net</a>.</p>
</li>
<li>
<p>
<tt>HTTP</tt>
</p>
<p>Gerrit relies upon data presented in the HTTP request.  This includes
HTTP basic authentication, or some types of commerical single-sign-on
solutions.  With this setting enabled the authentication must
take place in the web server or servlet container, and not from
within Gerrit.</p>
</li>
<li>
<p>
<tt>HTTP_LDAP</tt>
</p>
<p>Exactly like <tt>HTTP</tt> (above), but additionally Gerrit pre-populates
a user's full name and email address based on information obtained
from the user's account object in LDAP.  The user's group membership
is also pulled from LDAP, making any LDAP groups that a user is a
member of available as groups in Gerrit.</p>
</li>
<li>
<p>
<tt>LDAP</tt>
</p>
<p>Gerrit prompts the user to enter a username and a password, which
it then verifies by performing a simple bind against the configured
<a href="#ldap.server">ldap.server</a>.  In this configuration the web server
is not involved in the user authentication process.</p>
</li>
<li>
<p>
<tt>DEVELOPMENT_BECOME_ANY_ACCOUNT</tt>
</p>
<p><strong>DO NOT USE</strong>.  Only for use in a development environment.</p>
<p>When this is the configured authentication method a hyperlink titled
<tt>Become</tt> appears in the top right corner of the page, taking the
user to a form where they can enter the username of any existing
user account, and immediately login as that account, without any
authentication taking place.  This form of authentication is only
useful for the GWT hosted mode shell, where OpenID authentication
redirects might be risky to the developer's host computer, and HTTP
authentication is not possible.</p>
</li>
</ul>
<p>By default, OpenID.</p>
</dd>
<dt>
<a id="auth.trustedOpenID"></a>auth.trustedOpenID
</dt>
<dd>
<p>List of trusted OpenID providers.  Only used if <tt>auth.type</tt> was
set to OpenID (the default).</p>
<p>In order for a user to take advantage of permissions beyond those
granted to the <tt>Anonymous Users</tt> and <tt>Registered Users</tt> groups,
the user account must only have OpenIDs which match at least one
pattern from this list.</p>
<p>Patterns may be either a regular expression (start with <tt>^</tt> and
end with <tt>$</tt>) or be a simple prefix (any other string).</p>
<p>By default, the list contains two values, <tt>http://</tt> and <tt>https://</tt>,
allowing Gerrit to trust any OpenID it receives.</p>
</dd>
<dt>
<a id="auth.httpHeader"></a>auth.httpHeader
</dt>
<dd>
<p>HTTP header to trust the username from, or unset to select HTTP basic
or digest authentication.  Only used if <tt>auth.type</tt> was set to HTTP.</p>
</dd>
<dt>
<a id="auth.logoutUrl"></a>auth.logoutUrl
</dt>
<dd>
<p>URL to redirect a browser to after the end-user has clicked on the
"Sign Out" link in the upper right corner.  Organizations using an
enterprise single-sign-on solution may want to redirect the browser
to the SSO product's sign-out page.</p>
<p>If not set, the redirect returns to the list of all open changes.</p>
</dd>
<dt>
<a id="auth.emailFormat"></a>auth.emailFormat
</dt>
<dd>
<p>Optional format string to construct user email addresses out of
user login names.  Only used if auth.type is <tt>HTTP</tt>, <tt>HTTP_LDAP</tt>
or <tt>LDAP</tt>.</p>
<p>This value can be set to a format string, where <tt>{0}</tt> is replaced
with the login name.  E.g. "{0}+gerrit@example.com" with a user
login name of "foo" will produce "foo+gerrit@example.com" during
the first time user "foo" registers.</p>
<p>If the site is using <tt>HTTP_LDAP</tt> or <tt>LDAP</tt>, using this option is
discouraged.  Setting <tt>ldap.accountEmailAddress</tt> and importing the
email address from the LDAP directory is generally preferred.</p>
</dd>
<dt>
<a id="auth.contributorAgreements"></a>auth.contributorAgreements
</dt>
<dd>
<p>Controls whether or not the contributor agreement features are
enabled for the Gerrit site.  If enabled a user must complete a
contributor agreement before they can upload changes.</p>
<p>If enabled, the admin must also insert one or more rows into
<tt>contributor_agreements</tt> and create agreement files under
<tt><em>$site_path</em>/static</tt>, so users can actually complete one or
more agreements.</p>
<p>By default this is false (no agreements are used).</p>
</dd>
<dt>
auth.allowGoogleAccountUpgrade
</dt>
<dd>
<p>Allows Google Account users to automatically update their Gerrit
account when/if their Google Account OpenID identity token changes.
Identity tokens can change if the server changes hostnames, or
for other reasons known only to Google.  The upgrade path works
by matching users by email address if the identity is not present,
and then changing the identity.</p>
<p>This setting also permits old Gerrit 1.x users to seamlessly upgrade
from Google Accounts on Google App Engine to OpenID authentication.</p>
<p>Having this enabled incurs an extra database query when Google
Account users register with the Gerrit2 server.</p>
<p>By default, unset/false.</p>
</dd>
</dl>
<h3><a id="cache"></a>Section cache</h3>
<dl>
<dt>
<a id="cache.directory"></a>cache.directory
</dt>
<dd>
<p>Path to a local directory where Gerrit can write cached entities for
future lookup.  This local disk cache is used to retain potentially
expensive to compute information across restarts.  If the location
does not exist, Gerrit will try to create it.</p>
<p>If not absolute, the path is resolved relative to <tt>$site_path</tt>.</p>
<p>Default is unset, no disk cache.</p>
</dd>
<dt>
<a id="cache.name.maxAge"></a>cache.&lt;name&gt;.maxAge
</dt>
<dd>
<p>Maximum age to keep an entry in the cache.  If an entry has not
been accessed in this period of time, it is removed from the cache.
Values should use common unit suffixes to express their setting:</p>
<ul>
<li>
<p>
s, sec, second, seconds
</p>
</li>
<li>
<p>
m, min, minute, minutes
</p>
</li>
<li>
<p>
h, hr, hour, hours
</p>
</li>
<li>
<p>
d, day, days
</p>
</li>
<li>
<p>
w, week, weeks (<tt>1 week</tt> is treated as <tt>7 days</tt>)
</p>
</li>
<li>
<p>
mon, month, months (<tt>1 month</tt> is treated as <tt>30 days</tt>)
</p>
</li>
<li>
<p>
y, year, years (<tt>1 year</tt> is treated as <tt>365 days</tt>)
</p>
</li>
</ul>
<p>If a unit suffix is not specified, <tt>minutes</tt> is assumed.  If 0 is
supplied, the maximum age is infinite and items are never purged
except when the cache is full.</p>
<p>Default is <tt>90 days</tt> for most caches, except:</p>
<ul>
<li>
<p>
<tt>"ldap_groups"</tt>: default is <tt>1 hour</tt>
</p>
</li>
<li>
<p>
<tt>"openid"</tt>: default is <tt>5 minutes</tt>
</p>
</li>
<li>
<p>
<tt>"web_sessions"</tt>: default is <tt>12 hours</tt>
</p>
</li>
</ul>
</dd>
<dt>
<a id="cache.name.memoryLimit"></a>cache.&lt;name&gt;.memoryLimit
</dt>
<dd>
<p>Maximum number of cache items to retain in memory.  Keep in mind
this is total number of items, not bytes of heap used.</p>
<p>Default is 1024 for most caches, except:</p>
<ul>
<li>
<p>
<tt>"diff"</tt>: default is <tt>128</tt>
</p>
</li>
<li>
<p>
<tt>"openid"</tt>: default is <tt>64</tt>
</p>
</li>
</ul>
</dd>
<dt>
<a id="cache.name.diskLimit"></a>cache.&lt;name&gt;.diskLimit
</dt>
<dd>
<p>Maximum number of cache items to retain on disk, if this cache
supports storing its items to disk.  Like memoryLimit, this is
total number of items, not bytes of disk used.  If 0, disk storage
for this cache is disabled.</p>
<p>Default is 16384.</p>
</dd>
<dt>
<a id="cache.name.diskBuffer"></a>cache.&lt;name&gt;.diskBuffer
</dt>
<dd>
<p>Number of bytes to buffer in memory before writing less frequently
accessed cache items to disk, if this cache supports storing its
items to disk.</p>
<p>Default is 5 MiB.</p>
<p>Common unit suffixes of <em>k</em>, <em>m</em>, or <em>g</em> are supported.</p>
</dd>
</dl>
<h4><a id="cache_names"></a>Standard Caches</h4>
<dl>
<dt>
cache <tt>"accounts"</tt>
</dt>
<dd>
<p>Cache entries contain important details of an active user, including
their display name, preferences, known email addresses, and group
memberships.  Entry information is obtained from the following
database tables:</p>
<ul>
<li>
<p>
<tt>accounts</tt>
</p>
</li>
<li>
<p>
<tt>account_group_members</tt>
</p>
</li>
<li>
<p>
<tt>account_external_ids</tt>
</p>
</li>
</ul>
<p>If direct updates are made to any of these database tables, this
cache should be flushed.</p>
</dd>
<dt>
cache <tt>"accounts_byemail"</tt>
</dt>
<dd>
<p>Caches account identities keyed by email address, which is scanned
from the <tt>account_external_ids</tt> database table.  If updates are
made to this table, this cache should be flushed.</p>
</dd>
<dt>
cache <tt>"diff"</tt>
</dt>
<dd>
<p>Each item caches the differences between two commits, at both the
directory and file levels.  Gerrit uses this cache to accelerate
the display of affected file names, as well as file contents.</p>
<p>Entries in this cache are relatively large, so the memory limit
should not be set incredibly high.  Administrators should try to
target cache.diff.memoryLimit to be roughly the number of changes
which their users will process in a 1 or 2 day span.</p>
<p>Keeping entries for 90 days gives sufficient time for most changes
to be submitted or abandoned before their relevant difference items
expire out.</p>
</dd>
<dt>
cache <tt>"groups"</tt>
</dt>
<dd>
<p>Caches the basic group information from the <tt>account_groups</tt> table,
including the group owner, name, and description.</p>
<p>Gerrit group membership obtained from the <tt>account_group_members</tt>
table is cached under the <tt>"accounts"</tt> cache, above.  External group
membership obtained from LDAP is cached under <tt>"ldap_groups"</tt>.</p>
</dd>
<dt>
cache <tt>"ldap_groups"</tt>
</dt>
<dd>
<p>Caches the LDAP groups that a user belongs to, if LDAP has been
configured on this server.  This cache should be configured with a
low maxAge setting, to ensure LDAP modifications are picked up in
a timely fashion.</p>
</dd>
<dt>
cache <tt>"ldap_usernames"</tt>
</dt>
<dd>
<p>Caches a mapping of LDAP username to Gerrit account identity.  The
cache automatically updates when a user first creates their account
within Gerrit, so the cache expire time is largely irrelevant.</p>
</dd>
<dt>
cache <tt>"openid"</tt>
</dt>
<dd>
<p>If OpenID authentication is enabled, caches the OpenID discovery
response by URL, for up to 5 minutes.  This can reduce the time
required for OpenID authentication through very common providers,
such as Google Accounts.</p>
</dd>
<dt>
cache <tt>"projects"</tt>
</dt>
<dd>
<p>Caches the project description records, from the <tt>projects</tt> table
in the database.  If a project record is updated or deleted, this
cache should be flushed.  Newly inserted projects do not require
a cache flush, as they will be read upon first reference.</p>
</dd>
<dt>
cache <tt>"sshkeys"</tt>
</dt>
<dd>
<p>Caches unpacked versions of user SSH keys, so the internal SSH daemon
can match against them during authentication.  The unit of storage
is per-user, so 1024 items translates to 1024 unique user accounts.
As each individual user account may configure multiple SSH keys,
the total number of keys may be larger than the item count.</p>
<p>This cache is based off the <tt>account_ssh_keys</tt> table and the
<tt>accounts.ssh_user_name</tt> column in the database.  If either is
modified directly, this cache should be flushed.</p>
</dd>
<dt>
cache <tt>"web_sessions"</tt>
</dt>
<dd>
<p>Tracks the live user sessions coming in over HTTP.  Flushing this
cache would cause all users to be signed out immediately, forcing
them to sign-in again.  To avoid breaking active users, this cache
is not flushed automatically by <tt>gerrit flush-caches &#8212;all</tt>, but
instead must be explicitly requested.</p>
<p>If no disk cache is configured (or <tt>cache.web_sessions.diskLimit</tt>
is set to 0) a server restart will force all users to sign-out,
and need to sign-in again after the restart, as the cache was
unable to persist the session information.  Enabling a disk cache
is strongly recommended.</p>
<p>Session storage is relatively inexpensive, the average entry in
this cache is approximately 248 bytes, depending on the JVM.</p>
</dd>
</dl>
<p>See also <a href="cmd-flush-caches.html">gerrit flush-caches</a>.</p>
<h3><a id="contactstore"></a>Section contactstore</h3>
<dl>
<dt>
<a id="contactstore.url"></a>contactstore.url
</dt>
<dd>
<p>URL of the web based contact store Gerrit will send any offline
contact information to when it collects the data from users as part
of a contributor agreement.</p>
<p>See <a href="config-contact.html">Contact Information</a>.</p>
</dd>
<dt>
<a id="contactstore.appsec"></a>contactstore.appsec
</dt>
<dd>
<p>Shared secret of the web based contact store.</p>
</dd>
</dl>
<h3><a id="core"></a>Section core</h3>
<dl>
<dt>
<a id="core.packedGitWindowSize"></a>core.packedGitWindowSize
</dt>
<dd>
<p>Number of bytes of a pack file to load into memory in a single
read operation.  This is the "page size" of the JGit buffer cache,
used for all pack access operations.  All disk IO occurs as single
window reads.  Setting this too large may cause the process to load
more data than is required; setting this too small may increase
the frequency of <tt>read()</tt> system calls.</p>
<p>Default on JGit is 8 KiB on all platforms.</p>
<p>Common unit suffixes of <em>k</em>, <em>m</em>, or <em>g</em> are supported.</p>
</dd>
<dt>
<a id="core.packedGitLimit"></a>core.packedGitLimit
</dt>
<dd>
<p>Maximum number of bytes to load and cache in memory from pack files.
If JGit needs to access more than this many bytes it will unload less
frequently used windows to reclaim memory space within the process.
As this buffer must be shared with the rest of the JVM heap, it
should be a fraction of the total memory available.</p>
<p>Default on JGit is 10 MiB on all platforms.</p>
<p>Common unit suffixes of <em>k</em>, <em>m</em>, or <em>g</em> are supported.</p>
</dd>
<dt>
<a id="core.deltaBaseCaseLimit"></a>core.deltaBaseCacheLimit
</dt>
<dd>
<p>Maximum number of bytes to reserve for caching base objects
that multiple deltafied objects reference.  By storing the entire
decompressed base object in a cache Git is able to avoid unpacking
and decompressing frequently used base objects multiple times.</p>
<p>Default on JGit is 10 MiB on all platforms.  You probably do not
need to adjust this value.</p>
<p>Common unit suffixes of <em>k</em>, <em>m</em>, or <em>g</em> are supported.</p>
</dd>
<dt>
<a id="core.packedGitOpenFiles"></a>core.packedGitOpenFiles
</dt>
<dd>
<p>Maximum number of pack files to have open at once.  A pack file
must be opened in order for any of its data to be available in
a cached window.</p>
<p>If you increase this to a larger setting you may need to also adjust
the ulimit on file descriptors for the host JVM, as Gerrit needs
additional file descriptors available for network sockets and other
repository data manipulation.</p>
<p>Default on JGit is 128 file descriptors on all platforms.</p>
</dd>
<dt>
<a id="core.packedGitMmap"></a>core.packedGitMmap
</dt>
<dd>
<p>When true, JGit will use <tt>mmap()</tt> rather than <tt>malloc()+read()</tt>
to load data from pack files.  The use of mmap can be problematic
on some JVMs as the garbage collector must deduce that a memory
mapped segment is no longer in use before a call to <tt>munmap()</tt>
can be made by the JVM native code.</p>
<p>In server applications (such as Gerrit) that need to access many
pack files, setting this to true risks artifically running out
of virtual address space, as the garbage collector cannot reclaim
unused mapped spaces fast enough.</p>
<p>Default on JGit is false. Although potentially slower, it yields
much more predictable behavior.</p>
</dd>
</dl>
<h3><a id="gerrit"></a>Section gerrit</h3>
<dl>
<dt>
<a id="gerrit.basePath"></a>gerrit.basePath
</dt>
<dd>
<p>Local filesystem directory holding all Git repositories that
Gerrit knows about and can process changes for.  A project
entity in Gerrit maps to a local Git repository by creating
the path string <tt>"${basePath}/${project_name}.git"</tt>.</p>
<p>If relative, the path is resolved relative to <tt><em>$site_path</em></tt>.</p>
</dd>
<dt>
<a id="gerrit.canonicalWebUrl"></a>gerrit.canonicalWebUrl
</dt>
<dd>
<p>The default URL for Gerrit to be accessed through.</p>
<p>Typically this would be set to "http://review.example.com/" or
"http://example.com/gerrit/" so Gerrit can output links that point
back to itself.</p>
<p>Setting this is highly recommended, as its necessary for the upload
code invoked by "git push" or "repo upload" to output hyperlinks
to the newly uploaded changes.</p>
</dd>
<dt>
<a id="gerrit.canonicalGitUrl"></a>gerrit.canonicalGitUrl
</dt>
<dd>
<p>Optional base URL for repositories available over the anonymous git
protocol.  For example, set this to <tt>git://mirror.example.com/base/</tt>
to have Gerrit display patch set download URLs in the UI.  Gerrit
automatically appends the project name onto the end of the URL.</p>
<p>By default unset, as the git daemon must be configured externally
by the system administrator, and might not even be running on the
same host as Gerrit.</p>
</dd>
</dl>
<h3><a id="gitweb"></a>Section gitweb</h3>
<p>See also <a href="config-gitweb.html">Gitweb Integration</a>.</p>
<dl>
<dt>
<a id="gitweb.url"></a>gitweb.url
</dt>
<dd>
<p>Optional URL of an affiliated gitweb service.  Defines the
web location where a <tt>gitweb.cgi</tt> is installed to browse
gerrit.basePath and the repositories it contains.</p>
<p>Gerrit appends any necessary query arguments onto the end of this URL.
For example, "?p=$project.git;h=$commit".</p>
</dd>
</dl>
<h3><a id="ldap"></a>Section ldap</h3>
<p>LDAP integration is only enabled if <tt>auth.type</tt> was set to
<tt>HTTP_LDAP</tt> or <tt>LDAP</tt>.  See above for a detailed description of
the auth.type settings and their implications.</p>
<p>An example LDAP configuration follows, and then discussion of
the parameters introduced here.  Suitable defaults for most
parameters are automatically guessed based on the type of server
detected during startup.  The guessed defaults support both
<a href="http://www.ietf.org/rfc/rfc2307.txt">RFC 2307</a> and Active
Directory.</p>
<div class="exampleblock">
<div class="exampleblock-content">
<div class="literalblock">
<div class="content">
<pre><tt>[ldap]
  server = ldap://ldap.example.com
  #
  accountBase = ou=people,dc=example,dc=com
  accountPattern = (&amp;(objectClass=person)(uid=${username}))
  accountFullName = displayName
  accountEmailAddress = mail
  #
  groupBase = ou=groups,dc=example,dc=com
  groupMemberPattern = (&amp;(objectClass=group)(member=${dn}))</tt></pre>
</div></div>
</div></div>
<dl>
<dt>
<a id="ldap.server"></a>ldap.server
</dt>
<dd>
<p>URL of the organization's LDAP server to query for user information
and group membership from.  Must be of the form <tt>ldap://host</tt> or
<tt>ldaps://host</tt> to bind with either a plaintext or SSL connection.</p>
<p>If auth.type is <tt>LDAP</tt> this setting should use <tt>ldaps://</tt> to
ensure the end user's plaintext password is transmitted only over
an encrypted connection.</p>
</dd>
<dt>
<a id="ldap.sslVerify"></a>ldap.sslVerify
</dt>
<dd>
<p>If false and ldap.server is an <tt>ldaps://</tt> style URL, Gerrit
will not verify the server certificate when it connects to
perform a query.</p>
<p>By default, true, requiring the certificate to be verified.</p>
</dd>
<dt>
<a id="ldap.username"></a>ldap.username
</dt>
<dd>
<p><em>(Optional)</em> Username to bind to the LDAP server with.  If not set,
an anonymous connection to the LDAP server is attempted.</p>
</dd>
<dt>
<a id="ldap.password"></a>ldap.password
</dt>
<dd>
<p><em>(Optional)</em> Password for the user identified by <tt>ldap.username</tt>.
If not set, an anonymous (or passwordless) connection to the LDAP
server is attempted.</p>
</dd>
<dt>
<a id="ldap.accountBase"></a>ldap.accountBase
</dt>
<dd>
<p>Root of the tree containing all user accounts.  This is typically
of the form <tt>ou=people,dc=example,dc=com</tt>.</p>
</dd>
<dt>
<a id="ldap.accountScope"></a>ldap.accountScope
</dt>
<dd>
<p>Scope of the search performed for accounts.  Must be one of:</p>
<ul>
<li>
<p>
<tt>one</tt>: Search only one level below accountBase, but not recursive
</p>
</li>
<li>
<p>
<tt>sub</tt> or <tt>subtree</tt>: Search recursively below accountBase
</p>
</li>
<li>
<p>
<tt>base</tt> or <tt>object</tt>: Search exactly accountBase; probably not desired
</p>
</li>
</ul>
<p>Default is <tt>subtree</tt> as many directories have several levels.</p>
</dd>
<dt>
<a id="ldap.accountPattern"></a>ldap.accountPattern
</dt>
<dd>
<p>Query pattern to use when searching for a user account.  This may be
any valid LDAP query expression, including the standard <tt>(&amp;&#8230;)</tt> and
<tt>(|&#8230;)</tt> operators.  If auth.type is <tt>HTTP_LDAP</tt> then the variable
<tt>${username}</tt> is replaced with a parameter set to the username
that was supplied by the HTTP server.  If auth.type is <tt>LDAP</tt> then
the variable <tt>${username}</tt> is replaced by the string entered by
the end user.</p>
<p>This pattern is used to search the objects contained directly under
the <tt>ldap.accountBase</tt> tree.  A typical setting for this parameter
is <tt>(uid=${username})</tt> or <tt>(cn=${username})</tt>, but the proper
setting depends on the LDAP schema used by the directory server.</p>
<p>Default is <tt>(uid=${username})</tt> for RFC 2307 servers,
for Active Directory.</p>
</dd>
<dt>
<a id="ldap.accountFullName"></a>ldap.accountFullName
</dt>
<dd>
<p><em>(Optional)</em> Name of an attribute on the user account object which
contains the initial value for the user's full name field in Gerrit.
Typically this is the <tt>displayName</tt> property in LDAP, but could
also be <tt>legalName</tt> or <tt>cn</tt>.</p>
<p>Attribute values may be concatenated with literal strings, for
example to join given name and surname together use the pattern
<tt>${givenName} ${SN}</tt>.</p>
<p>If set, users will be unable to modify their full name field, as
Gerrit will populate it only from the LDAP data.</p>
<p>Default is <tt>displayName</tt> for RFC 2307 servers,</p>
</dd>
<dt>
<a id="ldap.accountEmailAddress"></a>ldap.accountEmailAddress
</dt>
<dd>
<p><em>(Optional)</em> Name of an attribute on the user account object which
contains the user's Internet email address, as defined by this
LDAP server.</p>
<p>Attribute values may be concatenated with literal strings,
for example to set the email address to the lowercase form
of sAMAccountName followed by a constant domain name, use
<tt>${sAMAccountName.toLowerCase}@example.com</tt>.</p>
<p>If set, the preferred email address will be prefilled from LDAP,
but users may still be able to register additional email address,
and select a different preferred email address.</p>
<p>Default is <tt>mail</tt>.</p>
</dd>
<dt>
<a id="ldap.accountSshUserName"></a>ldap.accountSshUserName
</dt>
<dd>
<p><em>(Optional)</em> Name of an attribute on the user account object which
contains the initial value for the user's SSH username field in
Gerrit.  Typically this is the <tt>uid</tt> property in LDAP, but could
also be <tt>cn</tt>.  Administrators should prefer to match the attribute
corresponding to the user's workstation username, as this is what
SSH clients will default to.</p>
<p>Attribute values may also be forced to lowercase, or to uppercase in
an expression.  For example, <tt>${sAMAccountName.toLowerCase}</tt> will
force the value of sAMAccountName, if defined, to be all lowercase.
The suffix <tt>.toUpperCase</tt> can be used for the other direction.
The suffix <tt>.localPart</tt> can be used to split attribute values of
the form <em>user@example.com</em> and return only the left hand side, for
example <tt>${userPrincipalName.localPart}</tt> would provide only <em>user</em>.</p>
<p>If set, users will be unable to modify their SSH username field, as
Gerrit will populate it only from the LDAP data.</p>
<p>Default is <tt>uid</tt> for RFC 2307 servers,
and <tt>${sAMAccountName.toLowerCase}</tt> for Active Directory.</p>
</dd>
<dt>
<a id="ldap.accountMemberField"></a>ldap.accountMemberField
</dt>
<dd>
<p><em>(Optional)</em> Name of an attribute on the user account object which
contains the groups the user is part of. Typically used for Active
Directory servers.</p>
<p>Default is unset for RFC 2307 servers (disabled)
and <tt>memberOf</tt> for Active Directory.</p>
</dd>
<dt>
<a id="ldap.groupBase"></a>ldap.groupBase
</dt>
<dd>
<p>Root of the tree containing all group objects.  This is typically
of the form <tt>ou=groups,dc=example,dc=com</tt>.</p>
</dd>
<dt>
<a id="ldap.groupScope"></a>ldap.groupScope
</dt>
<dd>
<p>Scope of the search performed for group objects.  Must be one of:</p>
<ul>
<li>
<p>
<tt>one</tt>: Search only one level below groupBase, but not recursive
</p>
</li>
<li>
<p>
<tt>sub</tt> or <tt>subtree</tt>: Search recursively below groupBase
</p>
</li>
<li>
<p>
<tt>base</tt> or <tt>object</tt>: Search exactly groupBase; probably not desired
</p>
</li>
</ul>
<p>Default is <tt>subtree</tt> as many directories have several levels.</p>
</dd>
<dt>
<a id="ldap.groupPattern"></a>ldap.groupPattern
</dt>
<dd>
<p>Query pattern used when searching for an LDAP group to connect
to a Gerrit group.  This may be any valid LDAP query expression,
including the standard <tt>(&amp;&#8230;)</tt> and <tt>(|&#8230;)</tt> operators.  The variable
<tt>${groupname}</tt> is replaced with the search term supplied by the
group owner.</p>
<p>Default is <tt>(cn=${groupname})</tt> for RFC 2307,
and <tt>(&amp;(objectClass=group)(cn=${groupname}))</tt> for Active Directory.</p>
</dd>
<dt>
<a id="ldap.groupMemberPattern"></a>ldap.groupMemberPattern
</dt>
<dd>
<p>Query pattern to use when searching for the groups that a user
account is currently a member of.  This may be any valid LDAP query
expression, including the standard <tt>(&amp;&#8230;)</tt> and <tt>(|&#8230;)</tt> operators.</p>
<p>If auth.type is <tt>HTTP_LDAP</tt> then the variable <tt>${username}</tt> is
replaced with a parameter set to the username that was supplied
by the HTTP server.  Other variables appearing in the pattern,
such as <tt>${fooBarAttribute}</tt>, are replaced with the value of the
corresponding attribute (in this case, <tt>fooBarAttribute</tt>) as read
from the user's account object matched under <tt>ldap.accountBase</tt>.
Attributes such as <tt>${dn}</tt> or <tt>${uidNumber}</tt> may be useful.</p>
<p>Default is <tt>(memberUid=${username})</tt> for RFC 2307,
and unset (disabled) for Active Directory.</p>
</dd>
</dl>
<h3><a id="mimetype"></a>Section mimetype</h3>
<dl>
<dt>
<a id="mimetype.name.safe"></a>mimetype.&lt;name&gt;.safe
</dt>
<dd>
<p>If set to true, files with the MIME type <tt>&lt;name&gt;</tt> will be sent as
direct downloads to the user's browser, rather than being wrapped up
inside of zipped archives.  The type name may be a complete type
name, e.g. <tt>image/gif</tt>, a generic media type, e.g. <tt>image/*</tt>,
or the wildcard <tt>*/*</tt> to match all types.</p>
<p>By default, false for all MIME types.</p>
</dd>
</dl>
<p>Common examples:</p>
<div class="exampleblock">
<div class="exampleblock-content">
<div class="literalblock">
<div class="content">
<pre><tt>[mimetype "image/*"]
  safe = true
[mimetype "application/pdf"]
  safe = true
[mimetype "application/msword"]
  safe = true
[mimetype "application/vnd.ms-excel"]
  safe = true</tt></pre>
</div></div>
</div></div>
<h3><a id="repo"></a>Section repo</h3>
<dl>
<dt>
<a id="repo.showDownloadCommand"></a>repo.showDownloadCommand
</dt>
<dd>
<p>If set to true, Gerrit advertises patch set downloads with the
<tt>repo download</tt> command, assuming that all projects managed by this
instance are generally worked on with the repo multi-repository tool.</p>
<p>By default, false, as not all instances will deploy repo.</p>
</dd>
</dl>
<h3><a id="sendemail"></a>Section sendemail</h3>
<dl>
<dt>
<a id="sendemail.enable"></a>sendemail.enable
</dt>
<dd>
<p>If false Gerrit will not send email messages, for any reason,
and all other properties of section sendemail are ignored.</p>
<p>By default, true, allowing notifications to be sent.</p>
</dd>
<dt>
<a id="sendemail.from"></a>sendemail.from
</dt>
<dd>
<p>Designates what name and address Gerrit will place in the From
field of any generated email messages.  The supported values are:</p>
<ul>
<li>
<p>
<tt>USER</tt>
</p>
<p>Gerrit will set the From header to use the current user's
Full Name and Preferred Email.  This may cause messsages to be
classified as spam if the user's domain has SPF or DKIM enabled
and <a href="#sendemail.smtpServer">sendemail.smtpServer</a> is not a trusted
relay for that domain.</p>
</li>
<li>
<p>
<tt>MIXED</tt>
</p>
<p>Shorthand for <tt>${user} (Code Review) &lt;review@example.com&gt;</tt> where
<tt>review@example.com</tt> is the same as <a href="#user.email">user.email</a>.
See below for a description of how the replacement is handled.</p>
</li>
<li>
<p>
<tt>SERVER</tt>
</p>
<p>Gerrit will set the From header to the same name and address
it records in any commits Gerrit creates.  This is set by
<a href="#user.name">user.name</a> and <a href="#user.email">user.email</a>, or guessed
from the local operating system.</p>
</li>
<li>
<p>
<em>Code Review</em> <tt>&lt;</tt><em>review</em><tt>@</tt><em>example.com</em><tt>&gt;</tt>
</p>
<p>If set to a name and email address in brackets, Gerrit will use
this name and email address for any messages, overriding the name
that may have been selected for commits by user.name and user.email.
Optionally, the name portion may contain the placeholder <tt>${user}</tt>,
which is replaced by the Full Name of the current user.</p>
</li>
</ul>
<p>By default, MIXED.</p>
</dd>
<dt>
<a id="sendemail.smtpServer"></a>sendemail.smtpServer
</dt>
<dd>
<p>Hostname (or IP address) of a SMTP server that will relay
messages generated by Gerrit to end users.</p>
<p>By default, 127.0.0.1 (aka localhost).</p>
</dd>
<dt>
<a id="sendemail.smtpServerPort"></a>sendemail.smtpServerPort
</dt>
<dd>
<p>Port number of the SMTP server in sendemail.smtpserver.</p>
<p>By default, 25, or 465 if smtpEncryption is <em>ssl</em>.</p>
</dd>
<dt>
<a id="sendemail.smtpEncryption"></a>sendemail.smtpEncryption
</dt>
<dd>
<p>Specify the encryption to use, either <em>ssl</em> or <em>tls</em>.</p>
<p>By default, <em>none</em>, indicating no encryption is used.</p>
</dd>
<dt>
<a id="sendemail.sslVerify"></a>sendemail.sslVerify
</dt>
<dd>
<p>If false and sendemail.smtpEncryption is <em>ssl</em> or <em>tls</em>, Gerrit
will not verify the server certificate when it connects to send
an email message.</p>
<p>By default, true, requiring the certificate to be verified.</p>
</dd>
<dt>
<a id="sendemail.smtpUser"></a>sendemail.smtpUser
</dt>
<dd>
<p>User name to authenticate with, if required for relay.</p>
</dd>
<dt>
<a id="sendemail.smtpPass"></a>sendemail.smtpPass
</dt>
<dd>
<p>Password for the account named by sendemail.smtpUser.</p>
</dd>
<dt>
<a id="sendemail.allowrcpt"></a>sendemail.allowrcpt
</dt>
<dd>
<p>If present, each value adds one entry to the whitelist of email
addresses that Gerrit can send email to.  If set to a complete
email address, that one address is added to the white list.
If set to a domain name, any address at that domain can receive
email from Gerrit.</p>
<p>By default, unset, permitting delivery to any email address.</p>
</dd>
</dl>
<h3><a id="sshd"></a> Section sshd</h3>
<dl>
<dt>
<a id="sshd.listenAddress"></a>sshd.listenAddress
</dt>
<dd>
<p>Specifies the local addresses the internal SSHD should listen
for connections on.  The following forms may be used to specify
an address.  In any form, <tt>:<em>port</em></tt> may be omitted to use the
default of 29418.</p>
<ul>
<li>
<p>
<em>hostname</em>:<em>port</em> (for example <tt>review.example.com:29418</tt>)
</p>
</li>
<li>
<p>
<em>IPv4</em>:<em>port</em> (for example <tt>10.0.0.1:29418</tt>)
</p>
</li>
<li>
<p>
[<em>IPv6</em>]:<em>port</em> (for example <tt>[ff02::1]:29418</tt>)
</p>
</li>
<li>
<p>
*:<em>port</em> (for example <tt>*:29418</tt>)
</p>
</li>
</ul>
<p>If multiple values are supplied, the daemon will listen on all
of them.</p>
<p>By default, *:29418.</p>
</dd>
<dt>
<a id="sshd.reuseAddress"></a>sshd.reuseAddress
</dt>
<dd>
<p>If true, permits the daemon to bind to the port even if the port
is already in use.  If false, the daemon ensures the port is not
in use before starting.  Busy sites may need to set this to true
to permit fast restarts.</p>
<p>By default, true.</p>
</dd>
<dt>
<a id="sshd.tcpKeepAlive"></a>sshd.tcpKeepAlive
</dt>
<dd>
<p>If true, enables TCP keepalive messages to the other side, so
the daemon can terminate connections if the peer disappears.</p>
<p>By default, true.</p>
</dd>
<dt>
<a id="sshd.cipher"></a>sshd.cipher
</dt>
<dd>
<p>Available ciphers.  To permit multiple ciphers, specify multiple
<tt>sshd.cipher</tt> keys in the configuration file, one cipher name
per key.  Cipher names starting with <tt>+</tt> are enabled in addition
to the default ciphers, cipher names starting with <tt>-</tt> are removed
from the default cipher set.</p>
<p>Supported ciphers: aes128-cbc, aes128-cbc, aes256-cbc, blowfish-cbc,
3des-cbc, none.</p>
<p>By default, all supported ciphers except <tt>none</tt> are available.</p>
</dd>
<dt>
<a id="sshd.mac"></a>sshd.mac
</dt>
<dd>
<p>Available MAC (message authentication code) algorithms.  To permit
multiple algorithms, specify multiple <tt>sshd.mac</tt> keys in the
configuration file, one MAC per key.  MAC names starting with <tt>+</tt>
are enabled in addition to the default MACs, MAC names starting with
<tt>-</tt> are removed from the default MACs.</p>
<p>Supported MACs: hmac-md5, hmac-md5-96, hmac-sha1, hmac-sha1-96.</p>
<p>By default, all supported MACs are available.</p>
</dd>
</dl>
<h3><a id="user"></a> Section user</h3>
<dl>
<dt>
<a id="user.name"></a>user.name
</dt>
<dd>
<p>Name that Gerrit calls itself in Git when it creates a new Git
commit, such as a merge during change submission.</p>
<p>By default this is "Gerrit Code Review".</p>
</dd>
<dt>
<a id="user.email"></a>user.email
</dt>
<dd>
<p>Email address that Gerrit refers to itself as when it creates a
new Git commit, such as a merge commit during change submission.</p>
<p>If not set, Gerrit generates this as "gerrit@<tt>hostname</tt>", where
<tt>hostname</tt> is the hostname of the system Gerrit is running on.</p>
<p>By default, not set, generating the value at startup.</p>
</dd>
</dl>
</div>
<h2>File <tt>replication.config</tt></h2>
<div class="sectionbody">
<p>The optional file <tt><em>$site_path</em>/replication.config</tt> controls how
Gerrit automatically replicates changes it makes to any of the Git
repositories under its control.</p>
<ul>
<li>
<p>
<a href="config-replication.html">Git Replication/Mirroring</a>
</p>
</li>
</ul>
</div>
<h2>Database system_config</h2>
<div class="sectionbody">
<p>Several columns in the <tt>system_config</tt> table within the metadata
database may be set to control how Gerrit behaves.</p>
<div class="admonitionblock">
<table><tr>
<td class="icon">
<div class="title">Note</div>
</td>
<td class="content">The contents of the <tt>system_config</tt> table are cached at startup
by Gerrit.  If you modify any columns in this table, Gerrit needs
to be restarted before it will use the new values.</td>
</tr></table>
</div>
<h3>Configurable Parameters</h3>
<dl>
<dt>
site_path
</dt>
<dd>
<p>Local filesystem directory holding the site customization assets.
Placing this directory under version control and/or backup is a
good idea.</p>
<p>SSH key files (<tt>ssh_host_rsa_key</tt> and <tt>ssh_host_dsa_key</tt> or
<tt>ssh_host_key</tt>) in this directory provide the host keys for the
internal SSH daemon.</p>
<p>Other files support site customization.</p>
<ul>
<li>
<p>
<a href="config-headerfooter.html">Site Header/Footer</a>
</p>
</li>
<li>
<p>
<a href="config-replication.html">Git Replication/Mirroring</a>
</p>
</li>
</ul>
</dd>
</dl>
<h3>Not User Serviceable</h3>
<p>These fields generally shouldn't be modified.</p>
<dl>
<dt>
register_email_private_key
</dt>
<dd>
<p>Private key used to sign the links emailed to users when they
request to register a new email address on their user account.
When the link is activated, the private key authenticates the link
was created and sent by this Gerrit server, proving that the user
can receive email at the address they are registering.</p>
<p>This column is automatically generated when the database is
initialized.  Changing it to a new value would cause all current
links to be invalidated.</p>
<p>Changing it is not recommended.</p>
</dd>
<dt>
admin_group_id
</dt>
<dd>
<p>Unique identity of the group with full privileges.  Any user who
is a member of this group may manage any other group, any project,
and other system settings over the web.</p>
<p>This is initialized by Gerrit to be the "Administrators" group.</p>
<p>Changing it is not recommended.</p>
</dd>
<dt>
anonymous_group_id
</dt>
<dd>
<p>Unique identity of the group for anonymous (not authenticated) users.</p>
<p>All users are a member of this group, whether or not they are
actually signed in to Gerrit.  Any access rights assigned to
this group are inherited by all users.</p>
<p>This is initialized by Gerrit to be the "Anonymous Users" group.</p>
<p>Changing it is not recommended.</p>
</dd>
<dt>
registered_group_id
</dt>
<dd>
<p>Unique identity of the group for all authenticated users.</p>
<p>All signed-in users are a member of this group.  Any access rights
assigned to this group are inherited by all users once they have
authenticated to Gerrit.</p>
<p>Since account registration is open and fairly easy to obtain,
moving from the "Anonymous Users" group to this group is not
very difficult.  Caution should be taken when assigning any
permissions to this group.</p>
<p>This is initialized by Gerrit to be the "Registered Users" group.</p>
<p>Changing it is not recommended.</p>
</dd>
</dl>
</div>
<hr style="
  height: 2px;
  color: silver;
  margin-top: 1.2em;
  margin-bottom: 0.5em;
">
<p>Part of <a href="index.html">Gerrit Code Review</a></p>
<div id="footer">
<div id="footer-text">
Version v2.0.24<br />
Last updated 02-Nov-2009 16:31:12 PDT
</div>
</div>
</body>
</html>
